What is API Management
APIs play an ever-increasing role in the digital economy, and their business value should not be underestimated. Data is, in many ways, one of the most valuable assets a business has. Successful companies rely on data to enhance digital capabilities and make fast and accurate business decisions while introducing secure, personalized web and mobile applications to internal and external stakeholders. To access business-critical data, organizations are investing in APIs as an enabler of rapid integration, making them a critical part of their business strategy.
“An API management solution helps companies to centralize control and streamline the development of their APIs while ensuring they meet the required standards necessary to connect vital systems at scale.”
Why API Management is so important (to your business)
While developing and maintaining different APIs, we tend to apply different architectural characteristics to every individual API in order to provide similar functionality, which creates challenges and adds up to a lot of individual work. In large-scale projects, development of critical features across different channels becomes cumbersome and complex.
Our API Management approach attempts to take away these cross-cutting concerns in managing different APIs and provides us with a single solution that offers architectural advantages such as:
Reduced operation complexity
A unified way to apply both out-of-the-box and custom plugins
Managing centralized authentication and security
Comprehensive traffic management
Easy governance of services, developers, and integrators
A unified layer of insights across our entire API ecosystem
Being able to deploy and reuse integration assets efficiently is a tremendous benefit of using an API management solution, enabling us to return our main focus to delivering core business value to our customers.
"This makes API management so essential. It gives your business the right tools for securing, scaling, governing, analyzing, and monetizing your API services. By cutting manual rework and streamlining development, it makes API Management a significant driver of both technological agility and economic growth".
How we do API Management
The API Gateway is the main component in our API Management solutions. It acts as a layer of abstraction by positioning a facade between the backend services and their consumers, accepting API calls and routing them to the appropriate backends. On top of that, the gateway applies a set of centralized best practices, and the resulting standardized information can be passed on to the underlying backend services as needed.
API Management Setup
Our API Gateway is fully open-source and built on top of Nginx. It supports multiple languages for plugin development, such as Go, Java, Rust, NodeJS, and Python. On top of that, it’s fully vendor-agnostic, multi-protocol, and multi-cloud.
For most cases, we set up our gateway on top of an EKS cluster providing a separate Data and Control plane:
Our Control plane can be compared to an airplane's cockpit: it is concerned with establishing policy and functions as a single source of truth responsible for configuring underlying services. We take full advantage of the etcd event notification system, which allows the configuration to be synchronized in real time, enabling hot reloads and minimizing impact and downtime.
The Data plane's sole job is to consume this configuration and execute it through advanced traffic management, handling the requests that are actually being proxied while enforcing policies as stated in the configuration.
Our intelligence plane allows us to monitor API usage, load, throughput and tracing across different services in a centralized manner in order to gain insights into the operational part of our entire API ecosystem.
This separation of concerns gives the control plane and the data plane clearly distinct responsibilities, resulting in a powerful system in which each plane addresses its own tasks. On top of that, our data plane configuration is stored on three separate nodes of etcd, a key-value configuration store written in Go, which provides resiliency for critical configuration management and avoids a single point of failure.
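A sketch of the control plane / data plane split described above, added here as an illustration and not taken from the gateway's own code. A small in-memory store stands in for etcd and its watch notifications; the route fields, the "apikey" header and all class names are assumptions made for the example. The data plane applies each pushed update without a restart and refuses an update that would leave a route without an authentication policy.

```python
import hmac

class ConfigStore:
    """In-memory stand-in for the etcd cluster: revisioned keys plus watchers."""
    def __init__(self):
        self.data, self.watchers, self.revision = {}, [], 0

    def put(self, key, value):  # called by the control plane only
        self.revision += 1
        self.data[key] = value
        for callback in self.watchers:
            callback(self.revision, key, value)

class DataPlane:
    """Gateway node: enforces only what the store pushes (route fields are hypothetical)."""
    def __init__(self, store):
        self.routes, self.applied_revision, self.rejected = {}, 0, []
        store.watchers.append(self.on_change)

    def on_change(self, revision, path, route):
        if not self.valid(route):
            self.rejected.append(revision)  # keep serving the last good config
            return
        # Build a new table and swap it in one assignment (hot reload, no restart).
        self.routes, self.applied_revision = {**self.routes, path: route}, revision

    @staticmethod
    def valid(route):
        # Fail closed: a route needs an upstream and API keys unless marked public.
        return bool(route.get("upstream")) and (
            route.get("public") is True or bool(route.get("api_keys")))

    def handle(self, path, headers):
        route = self.routes.get(path)
        if route is None:
            return 404, None
        presented = headers.get("apikey", "").encode()  # assumed header name
        if route.get("public") is not True and not any(
                hmac.compare_digest(presented, key.encode()) for key in route["api_keys"]):
            return 401, None
        return 200, route["upstream"]

def demo():  # constructed scenario: publish a route, rotate its key, push a bad update
    store = ConfigStore()
    node = DataPlane(store)
    store.put("/orders", {"upstream": "http://orders.internal", "api_keys": ["k-old"]})
    store.put("/orders", {"upstream": "http://orders.internal", "api_keys": ["k-new"]})
    store.put("/orders", {"upstream": "http://orders.internal"})  # no auth policy
    results = [node.handle("/orders", {"apikey": k})[0] for k in ("k-old", "k-new")]
    return results, node.rejected, node.applied_revision
```

In the constructed scenario the rotated-out key is refused and the new key accepted on the very next request, while the update that drops the authentication policy is recorded as rejected and the previous revision stays in force.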
This results in the following architecture:
API Developer portal
On top of the API Gateway, we provide an API portal that functions as a central place where API developers can configure endpoints and policies and manage user access. In terms of flexibility, our API portal offers an easy-to-use dashboard through an intuitive admin UI, and also exposes an admin API for an optimal developer experience.
API Governance
“API governance is not futile, it's an aspect of how we empower developers to do things better.”
We have found that having the right API governance in place is crucial to complement and aid API management strategies. Together they ensure APIs are highly secure, standards-compliant, and scalable in the future, since governance provides clear visibility over our different APIs and monitors how they are being used in accordance with policies, rules, and contractual obligations.
Pluginised workflow
Since there is no need to reinvent the wheel again and again, we enforce policies on our different services through a pluginised workflow, using a combination of proven pre-built and custom plugins to create high-performance systems within tight deadlines.
By using these illustrative plugins, we keep our systems balanced while saving development time, so we are able to focus on what really matters: the development of business logic that makes an impact on our end-users.
Performance & scalability
Performance and scalability are key in any back-end system, and the same goes for your API Management solution. Therefore we provide the right Load Balancing and Routing Algorithms for fine-grained control. In addition, we use etcd with Hot Reloading under the hood to provide high-speed synchronized systems. From routing to plugins, all of these are designed to be ultra-performant with as little latency as possible.
Security
Security is the main factor throughout any API solution, so we provide different security plugins for centralized verification, identity, and access management, including CORS, CSRF, JWT, Key Auth, OpenID Connect, and more. Through our gateway we are able to provide centralized security for all underlying backend services, realizing both stability and security throughout the entire ecosystem.
API Intelligence
Using Prometheus, we gather metrics across a wide range of different systems. These metrics are pulled into Grafana or Kibana for optimal visualization and enable us to monitor API usage, load, logs, and traces across different services in a centralized manner in order to gain insights into the operational part of our entire API ecosystem.
By gaining detailed analytics, we are able to provide useful business insights. Backed by clear metrics and visual reports on API usage and performance, decisions become more data-driven and we are able to provide more favorable outcomes on possible digital strategies.
Through our API management approach, we are able to leverage these benefits to build top-tier large-scale cloud platforms. Read more about this in our upcoming blog!